Cyber Security Tips
The section provides general security guidance for staff and students in support of their day-to-day tasks.
Institute employees are provided with user account credentials (username/password) following registration with the department of Human Resources. User Accounts are normally created within one working day of receipt of registration information from Human Resources. The following services will require the use of user accounts.
Make sure your password conforms to a strong password as per Password section. It only takes a hacker 10 minutes to crack a password that is all lowercase – which is considered weak.
Never share your password with anyone (including Computer Services staff). No one will ever legitimately ask you for your password or PIN number, either over the phone or in an e-mail. Make use of
2-factor authentication (where available) to protect your online accounts.
2. Be wary of web links in e-mails and on web sites (think before you click)
If you receive a web link within an email from someone you don’t know or even receive a web link unexpectedly from a friend, colleague or business associate, whose computer may be infected with a virus, check the link first either by contacting the person or checking the link with a Computer Services staff member.
Links could refer you to sites containing harmful viruses or spoof web sites
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in electronic communications. Communications purporting to be from popular web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting. Be wary!
3. Protecting Information
The potential impact of unauthorised access to, usage of, or modification of, important and/or sensitive or confidential LYIT information can far outweigh the cost securing the information in the first place. The financial costs associated with litigation, risk mitigation and/or reputational loss, as a consequence of theft or unauthorised access to information held by LYIT may be enormous. Consequently, it is essential that custodians / authorised users of LYIT information follow these guidelines at all times.
- Is the device encrypted? Yes
- Is there a strong password required to access the sensitive or confidential information? Yes
- Is the device holding the sensitive or confidential information physically secured? Yes
- Is anti-virus and security patches updated regularly on my computer? Yes
- Is sensitive or confidential LYIT information stored on my personal home computing devices or computer equipment within general usage areas (e.g. Library, Computer Labs) ? No
- Is sensitive or confidential LYIT information stored on my public folder ? No
- Is sensitive or confidential LYIT information stored on non-approved commercial cloud services (Dropbox, OneDrive (non-college account), iCloud, etc.)? No
If your answers don’t correspond to the above answers, then contact Computer Services helpdesk as a matter of priority.
Check our End User Guidelines document for guidance on managing LYIT information resources and Encryption Protection Standard document which is to provide specific guidance to LYIT staff and students in relation to using encryption technology to protect data stored or data transmitted electronically.
4. Backing up your Information
Make full use of your network storage drive (X Drive) which is regularly backed up; Archive e-mail to regularly your X Drive.
Please note it is important to backup data residing on your local computer or external devices (external hard drive, Memory Stick, DVD, etc.) regularly to protect against data loss in event of unexpected hardware failure or software failure. Computer Services does not backup data residing on your local computer or external devices.
Check our End User Guidelines document, section 6.5, for more guidance on backup.
5. Secure your personal computer
Lock your terminal (by pressing ctrl, alt & del key together) when away from your desk; physically secure your laptop.
Check our End User Guidelines document, section 6.1, for more guidance on physical security.
6. Don’t install unauthorised software onto Institute Computer Equipment
Be aware software downloaded from the Internet can carry malicious code (Malware, Spyware & Adware) which can compromise your computer equipment and information store on the computer. Various forms of Malware, Spyware & Adware are not classified as viruses so your anti-virus will not detect it. In most cases when installing free software from the Internet, the small print in the terms and conditions is requesting your consent to install Malware, Spyware or Adware.
7. Seek advice and assistance from Computer Service Helpdeskt
If you need to seek any advice or guidance on the above 6 points or any other aspect of IT security please contact the Computer Services Helpdesk on 074 91 6050 or firstname.lastname@example.org